summaryrefslogtreecommitdiff
path: root/etc/ca.conf
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2019-09-02 10:57:31 +0200
committerErich Eckner <git@eckner.net>2019-09-02 12:03:10 +0200
commitdfbcea79b227d150e2f5a35f9172f4f12d025fc2 (patch)
treead00fe538d8acbc311839d2d1bb101ec4b835349 /etc/ca.conf
parent1528df30f0084924b3ab49c0083438479ecb7838 (diff)
downloadsimple-pki-dfbcea79b227d150e2f5a35f9172f4f12d025fc2.tar.xz
shorter lifetime for certs
Diffstat (limited to 'etc/ca.conf')
-rw-r--r--etc/ca.conf6
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/ca.conf b/etc/ca.conf
index 0b768e0..74c4065 100644
--- a/etc/ca.conf
+++ b/etc/ca.conf
@@ -46,7 +46,7 @@ serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
database = $dir/ca/$ca/db/$ca.db # Index file
unique_subject = no # Require unique subject
-default_days = 3652 # How long to certify for
+default_days = 365 # How long to certify for
default_md = sha1 # MD to use
policy = match_pol # Default naming policy
email_in_dn = no # Add email to cert DN
@@ -55,7 +55,7 @@ name_opt = ca_default # Subject DN display options
cert_opt = ca_default # Certificate display options
copy_extensions = none # Copy extensions from CSR
x509_extensions = signing_ca_ext # Default cert extensions
-default_crl_days = 365 # How long before next CRL
+default_crl_days = 30 # How long before next CRL
crl_extensions = crl_ext # CRL extensions
[ signing_ca ]
@@ -66,7 +66,7 @@ serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file
crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file
database = $dir/ca/$ca/db/$ca.db # Index file
unique_subject = no # Require unique subject
-default_days = 730 # How long to certify for
+default_days = 90 # How long to certify for
default_md = sha1 # MD to use
policy = match_pol # Default naming policy
email_in_dn = no # Add email to cert DN